North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: Blackholes and IXs and Completing the Attack.

  • From: Ben Butler
  • Date: Sun Feb 03 17:11:00 2008

Hi Barry,

Thank you for some really useful pointers, I am off to do some more

Kind Regards


-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of
Barry Greene (bgreene)
Sent: 03 February 2008 21:07
To: Christopher Morrow; Tomas L. Byrnes
Cc: [email protected]
Subject: RE: Blackholes and IXs and Completing the Attack.

Hash: SHA1


> anyway, the idea behind multi-as blackholing has been (and apparently 
> continues to get) rehashed a few times over the last 5-8 years... good

> luck!

It seems that way. People seem to forget about the conversations and
work around 2000 - 2002. We not only had RTBH (static), multi AS RTBH,
Source based RTBH (why uRPF Loose check was created), BGP Community
based packet filtering (QPPB - source or destination), Backscatter
Traceback (Chris and Brian's cool technique), Customer triggered RTBH
(another Chris and Brian trick), BGP Shunts (originally created for the
Great Firewall), MAPS's grow (which had multi-AS eBGP multihops BGP
RTBHs back in 1997 for anti-SPAM filtering), and then all the BGP
Flow-Spec work.

We even have a RFC - 3882 Configuring BGP to Block Denial-of-Service
Attacks. by D. Turk. published in September 2004.

This is a good conversation for NANOG, but we really need to build up
some FAQ so we don't keep going over the same things every year. 


Version: PGP 8.1